If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rating: | Display Modes |
#16
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/09/2013 04:28 AM, mechanic wrote:
On Sat, 08 Jun 2013 17:47:35 -0400, Juan Wei wrote: If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you do that? And why? Because a NAT router will reject unsolicited packets comes at it and these test packets will never get through to your firewall. Reasonable test of your router. But, not of your personal firewall. |
Ads |
#17
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/09/2013 09:59 AM, Juan Wei wrote:
Juan Wei has written on 6/8/2013 5:47 PM: Todd has written on 6/8/2013 4:23 PM: Is anybody here concerned about the effectiveness of the Windows 8 firewall? Did you install a third-party one? Hi, I write iptables (Linux) firewalls for a living. One of the big issues with M$ is that they couldn't give a hoot about security. They are all about marketing. M$ has frequently left services open that can be easily exploited. Go look how your firewall performs for yourself at GRC. You are looking for the Shields Up test. https://www.grc.com/x/ne.dll?bh0bkyd2 If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you do that? You want all your ports to be in stealth mode (drop) when probed from the outside, unless you deliberately have a service open for something. My Westell 327W has these firewall modes: 1. Maximum Security (High) The high security setting only allows basic Internet functionality. The High security setting guarantees to only pass Mail, News, Web, FTP, and IPSEC. All other traffic is not allowed. High security restricts modification by NAT configuration options. 2. Typical Security (Medium) The medium security setting only allows basic Internet functionality by default, just like High level security. Medium security, however, allows customization through Port Forwarding configuration so certain traffic can pass. 3. Minimum Security (Low) The low security setting will allow all traffic except for known attacks. With low, your modem is visible by other computers on the Internet. 4. No Security 5. Custom Security. Default "Inbound" rules: title [ Security Level Low IN rules ] begin RulesDropFrom192 drop from addr %LANADDR%:%LANMASK% done, alert 0 [WAN Traffic from LAN IP] RulesPass pass all RulesDropAddress drop from addr 0.0.0.0 done, alert 4 [ 0.0.0.0 Source IP Address] RulesPassUDP pass protocol udp, to port 53 done pass protocol udp, from port 53 done RulesDropICMP drop protocol icmp alert 4 [ICMP Message To WAN IP] RulesDropWANUDP drop protocol udp, to addr %WANADDR%:32 done, alert 4 [UDP WAN Traffic to WAN IP] RulesDropWANTCP drop protocol tcp, to addr %WANADDR%:32 done, alert 4 [TCP WAN Traffic to WAN IP] RulesPassGoodICMP pass protocol icmp, to addr %WANADDR%:32 done, alert 0 [Responding to WAN Ping] RulesPassGoodICMP pass protocol icmp, to addr %LANADDR%:%LANMASK% done, alert 0 [Nat'ed LOCAL PING] end Default "Outbound" rules: title [ Security Level Low OUT rules ] begin RulesDropNETBIOS drop to port = 135, to port = 139 done, alert 4 [Dropping NETBIOS Traffic] RulesPass pass all end What do you recommend? Many thanks. You're providing a very important service here. Just go for the Typical (Medium). The High will be a pain in the butt. Make sure you have your personal firewall (meaning the one on your own computer) active as well. The idea here is to set up several fences. Don't rely on a single fence for all your protection. It is easy for the bad guys to find ways over a single fence, but multiples give them a bad time. Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) And, use only as many Windows based computers as you are forced to. |
#18
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
Todd has written on 6/10/2013 3:18 PM:
snip Just go for the Typical (Medium). The High will be a pain in the butt. Make sure you have your personal firewall (meaning the one on your own computer) active as well. The idea here is to set up several fences. Don't rely on a single fence for all your protection. It is easy for the bad guys to find ways over a single fence, but multiples give them a bad time. Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) Even IE10??? Thanks. |
#19
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On Mon, 10 Jun 2013 11:55:29 -0700, Todd wrote:
On 06/09/2013 04:28 AM, mechanic wrote: On Sat, 08 Jun 2013 17:47:35 -0400, Juan Wei wrote: If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you do that? And why? Because a NAT router will reject unsolicited packets comes at it and these test packets will never get through to your firewall. Reasonable test of your router. But, not of your personal firewall. So? What gets through to my machine - or not - is what I want to know. If it's the router that stops the bad guys that's fine by me. |
#20
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/10/2013 12:44 PM, mechanic wrote:
On Mon, 10 Jun 2013 11:55:29 -0700, Todd wrote: On 06/09/2013 04:28 AM, mechanic wrote: On Sat, 08 Jun 2013 17:47:35 -0400, Juan Wei wrote: If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you do that? And why? Because a NAT router will reject unsolicited packets comes at it and these test packets will never get through to your firewall. Reasonable test of your router. But, not of your personal firewall. So? What gets through to my machine - or not - is what I want to know. If it's the router that stops the bad guys that's fine by me. True, but not the question. The question was how well a particular personal firewall worked. You can't test it if something else is in the way. By all means, put the NAT router back in place after you test your personal firewall! |
#21
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/10/2013 12:35 PM, Juan Wei wrote:
Todd has written on 6/10/2013 3:18 PM: snip Just go for the Typical (Medium). The High will be a pain in the butt. Make sure you have your personal firewall (meaning the one on your own computer) active as well. The idea here is to set up several fences. Don't rely on a single fence for all your protection. It is easy for the bad guys to find ways over a single fence, but multiples give them a bad time. Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) Even IE10??? Thanks. Don't use IE period. Firefox, by the way, pays a bounty of $2500.00 for security bugs (or use to). It usually takes them about two days to fix a security bug. They are really, really serious about security. (You can still catch a virus with Firefox -- it's just a lot harder.) M$ of the other hand, takes six months to never to fix security bugs. Blaster was one of these viruses. The bad guy just had to look up on the web to see what vulnerability had not been fixed and write his virus to match. Easy stuff. Another couple of fences: turn off (uninstall) Java and Flash if you don't need them. (I need them, but then again, I am not sending you this from Windows.) -T |
#22
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
Todd has written on 6/10/2013 3:53 PM:
On 06/10/2013 12:35 PM, Juan Wei wrote: Todd has written on 6/10/2013 3:18 PM: snip Just go for the Typical (Medium). The High will be a pain in the butt. Make sure you have your personal firewall (meaning the one on your own computer) active as well. The idea here is to set up several fences. Don't rely on a single fence for all your protection. It is easy for the bad guys to find ways over a single fence, but multiples give them a bad time. Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) Even IE10??? Thanks. Don't use IE period. Why not? |
#23
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
Todd has written on 6/8/2013 4:23 PM:
Go look how your firewall performs for yourself at GRC. You are looking for the Shields Up test. https://www.grc.com/x/ne.dll?bh0bkyd2 If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you connect directly to the Interne if you have a NAT router? Thanks. |
#24
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/10/2013 12:59 PM, Juan Wei wrote:
Todd has written on 6/10/2013 3:53 PM: On 06/10/2013 12:35 PM, Juan Wei wrote: Todd has written on 6/10/2013 3:18 PM: snip Just go for the Typical (Medium). The High will be a pain in the butt. Make sure you have your personal firewall (meaning the one on your own computer) active as well. The idea here is to set up several fences. Don't rely on a single fence for all your protection. It is easy for the bad guys to find ways over a single fence, but multiples give them a bad time. Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) Even IE10??? Thanks. Don't use IE period. Why not? Arguably, it is responsible for 85% of the virus infections out there. You can always google IE and security issues. |
#25
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/10/2013 01:01 PM, Juan Wei wrote:
Todd has written on 6/8/2013 4:23 PM: Go look how your firewall performs for yourself at GRC. You are looking for the Shields Up test. https://www.grc.com/x/ne.dll?bh0bkyd2 If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you connect directly to the Interne if you have a NAT router? Thanks. Okay, most Internet modems provide dynamic addressed to the local side. If you have a fix IP, then its gets more complicated and you should call for a nerd. That said, you take the cable that is going into the NAT router's WAN (Wide Area Network) port and connect it to your computer's Ethernet port. If you are using a Cable Modem (Charter), you will have to power cycle the modem, as it will only accept one device attached to it at a time. If you are able to surf the Internet when you get your cable repositioned, you are ready to go to GRC and Shields Up. Get off direct connection as soon a possible. And power cycle your cable modem when you put everything back to normal. |
#26
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
Todd has written on 6/10/2013 4:09 PM:
On 06/10/2013 12:59 PM, Juan Wei wrote: Todd has written on 6/10/2013 3:53 PM: Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) Even IE10??? Thanks. Don't use IE period. Why not? Arguably, it is responsible for 85% of the virus infections out there. You can always google IE and security issues. I did. tomshardware.com said, "NSS Labs has released a new edition of its security report that evaluates a browser's ability to block socially engineered malware. "The results reflect the ranking of the previously released report in August of 2011 and found Internet Explorer (version 10) to be the safest browser in this discipline under Windows 8. NSS Labs said that IE10 blocked 99.1 percent of the malware it was exposed to (virtually dead-even with the 99.2 percent result from August of last year), but Chrome improved its 13.2 percent result to 70.4 percent due to the integration of enhanced file-based reputation screening. " sitepont.com said, "Microsoft do not have a reputation for producing secure software but the company is working hard to rectify that. Internet Explorer is as good — if not better — than its competitors. " |
#27
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
Todd has written on 6/10/2013 4:17 PM:
On 06/10/2013 01:01 PM, Juan Wei wrote: Todd has written on 6/8/2013 4:23 PM: Go look how your firewall performs for yourself at GRC. You are looking for the Shields Up test. https://www.grc.com/x/ne.dll?bh0bkyd2 If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you connect directly to the Interne if you have a NAT router? Thanks. Okay, most Internet modems provide dynamic addressed to the local side. If you have a fix IP, then its gets more complicated and you should call for a nerd. That said, you take the cable that is going into the NAT router's WAN (Wide Area Network) port and connect it to your computer's Ethernet port. If you are using a Cable Modem (Charter), you will have to power cycle the modem, as it will only accept one device attached to it at a time. I have a DSL modem/router (Westell 327W). My desktop computer already connects to it via Ethernet cable. Are you thinking of separate modems and routers? |
#28
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/10/2013 05:20 PM, Juan Wei wrote:
Todd has written on 6/10/2013 4:09 PM: On 06/10/2013 12:59 PM, Juan Wei wrote: Todd has written on 6/10/2013 3:53 PM: Another good fence is to not use Internet Explorer or anything that uses it for its rendering engine (Outlook, etc.) Even IE10??? Thanks. Don't use IE period. Why not? Arguably, it is responsible for 85% of the virus infections out there. You can always google IE and security issues. I did. tomshardware.com said, "NSS Labs has released a new edition of its security report that evaluates a browser's ability to block socially engineered malware. "The results reflect the ranking of the previously released report in August of 2011 and found Internet Explorer (version 10) to be the safest browser in this discipline under Windows 8. NSS Labs said that IE10 blocked 99.1 percent of the malware it was exposed to (virtually dead-even with the 99.2 percent result from August of last year), but Chrome improved its 13.2 percent result to 70.4 percent due to the integration of enhanced file-based reputation screening. " sitepont.com said, "Microsoft do not have a reputation for producing secure software but the company is working hard to rectify that. Internet Explorer is as good — if not better — than its competitors. " The key words to look at is "socially engineered malware". That is a tiny part of the problem. Where IE is horrible is when you log into an infected web site with IE and get instantly clobbered. "socially engineered malware" is the type that tricks you into installing the software for them. |
#29
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 06/10/2013 05:22 PM, Juan Wei wrote:
Todd has written on 6/10/2013 4:17 PM: On 06/10/2013 01:01 PM, Juan Wei wrote: Todd has written on 6/8/2013 4:23 PM: Go look how your firewall performs for yourself at GRC. You are looking for the Shields Up test. https://www.grc.com/x/ne.dll?bh0bkyd2 If you are shooting through a NAT router (if your I.P. is 192.168.xxx.xxx, you have a NAT router), you will need to connect directly to the Internet. How do you connect directly to the Interne if you have a NAT router? Thanks. Okay, most Internet modems provide dynamic addressed to the local side. If you have a fix IP, then its gets more complicated and you should call for a nerd. That said, you take the cable that is going into the NAT router's WAN (Wide Area Network) port and connect it to your computer's Ethernet port. If you are using a Cable Modem (Charter), you will have to power cycle the modem, as it will only accept one device attached to it at a time. I have a DSL modem/router (Westell 327W). My desktop computer already connects to it via Ethernet cable. Are you thinking of separate modems and routers? Yes. If your DSL modem and router are the same unit, you have to tell you modem to be a pass through modem. This gets a bit harry for the uninitiated. If your installation is fixed and you pass GRC's Shields Up, plus you have your personal firewall in place, you should be fine. Also, firewalls do not protect against invited traffic, like infected web pages, eMail, "socially engineered malware", etc.. They protect against uninvited traffic. For invited traffic, you need a good anti virus and your own common sense. You are the last and final fence. |
#30
|
|||
|
|||
Windows 8 Firewall - How Good Is It?
On 6/8/2013 6:11 AM PT, Bucky Breeder typed:
When you know what you're doing, you don't need no steenkeen firewall! How do you block outgoing connections without a firewall and still be online then? :P -- "Imagine what it would be like to dive into a pool of army ants? You would be nothing but bone in a matter of seconds. If you're not up to that, just imagine putting your hand in a jar of them. It would have to be labeled corrosive or something." --Zhan Huan Zhou /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/link. ( ) If e-mailing, then axe ANT from its address if needed. Ant is currently not listening to any songs on this computer. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|